Network Working Group                                   J. Schoenwaelder
Request for Comments: 5345                      Jacobs University Bremen
Category: Informational                                     October 2008

               Simple Network Management Protocol (SNMP)
            Traffic Measurements and Trace Exchange Formats
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
IESG Note
The IESG thinks that this work is related to IETF work done in the
Operations and Management Area related to SNMP, but this does not
prevent publishing. This RFC is not a candidate for any level of
Internet Standard. The IETF disclaims any knowledge of the fitness
of this RFC for any purpose and notes that the decision to publish is
not based on IETF review apart from the IETF Last Call on the
allocation of a URI by IANA and the IESG review for conflict with
IETF work. The RFC Editor has chosen to publish this document at its
discretion. See RFC 3932 for more information.
Abstract
The Simple Network Management Protocol (SNMP) is widely deployed to
monitor, control, and (sometimes also) configure network elements.
Even though the SNMP technology is well documented, it remains
relatively unclear how SNMP is used in practice and what typical SNMP
usage patterns are.
This document describes an approach to carrying out large-scale SNMP
traffic measurements in order to develop a better understanding of
how SNMP is used in real-world production networks. It describes the
motivation, the measurement approach, and the tools and data formats
needed to carry out such a study.
This document was produced within the IRTF's Network Management
Research Group (NMRG), and it represents the consensus of all of the
active contributors to this group.
Table of Contents
1. Introduction
2. Measurement Approach
   2.1. Capturing Traffic Traces
   2.2. Converting Traffic Traces
   2.3. Filtering Traffic Traces
   2.4. Storing Traffic Traces
   2.5. Analyzing Traffic Traces
3. Analysis of Traffic Traces
   3.1. Basic Statistics
   3.2. Periodic versus Aperiodic Traffic
   3.3. Message Size and Latency Distributions
   3.4. Concurrency Levels
   3.5. Table Retrieval Approaches
   3.6. Trap-Directed Polling - Myths or Reality?
   3.7. Popular MIB Definitions
   3.8. Usage of Obsolete Objects
   3.9. Encoding Length Distributions
   3.10. Counters and Discontinuities
   3.11. Spin Locks
   3.12. Row Creation
4. Trace Exchange Formats
   4.1. XML Representation
   4.2. CSV Representation
5. Security Considerations
6. IANA Considerations
7. Acknowledgements
8. References
   8.1. Normative References
   8.2. Informative References
1. Introduction
The Simple Network Management Protocol (SNMP) was introduced in the
late 1980s [RFC1052] and has since then evolved to what is known
today as the SNMP version 3 Framework (SNMPv3) [RFC3410]. While SNMP
is widely deployed, it is not clear what protocol versions are being
used, which protocol features are being used, how SNMP usage differs
in different types of networks or organizations, which information is